Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-13888 | Open Redirect vulnerability in Amauri Wpmobile.App The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. | 6.1 |
| 2025-02-20 | CVE-2025-0897 | Cross-site Scripting vulnerability in Wow-Company Modal Window The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-20 | CVE-2025-1064 | Cross-site Scripting vulnerability in Xootix Login/Signup Popup The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-20 | CVE-2024-13155 | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-20 | CVE-2024-13445 | Cross-site Scripting vulnerability in Elementor Website Builder The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-20 | CVE-2024-43196 | IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | 4.3 |
| 2025-02-20 | CVE-2024-49355 | IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. | 5.3 |
| 2025-02-20 | CVE-2024-49782 | IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. | 6.8 |
| 2025-02-19 | CVE-2025-21355 | Missing Authentication for Critical Function vulnerability in Microsoft Bing Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network | 9.8 |
| 2025-02-19 | CVE-2025-24989 | Unspecified vulnerability in Microsoft Power Pages An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. | 9.8 |